From db4d47bdc6e2877e3d7caf33ded5054483dd2dc0 Mon Sep 17 00:00:00 2001
From: Maximilian Moser <maximilian.moser@tuwien.ac.at>
Date: Wed, 18 Sep 2024 23:02:49 +0200
Subject: [PATCH] security: filter out current session if it's set to `None`

* also, rename it to avoid controversial terminology
---
 invenio_accounts/views/security.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/invenio_accounts/views/security.py b/invenio_accounts/views/security.py
index 29e11b80..f73e3dd6 100644
--- a/invenio_accounts/views/security.py
+++ b/invenio_accounts/views/security.py
@@ -22,15 +22,19 @@
 def security():
     """View for security page."""
     sessions = SessionActivity.query_by_user(user_id=current_user.get_id()).all()
-    master_session = None
+    current_session = None
     for index, session in enumerate(sessions):
         if SessionActivity.is_current(session.sid_s):
-            master_session = session
+            current_session = session
             del sessions[index]
+
+    # If the current session is still `None`, filter it out
+    sessions = [current_session] + sessions if current_session is not None else sessions
+
     return render_template(
         current_app.config["ACCOUNTS_SETTINGS_SECURITY_TEMPLATE"],
         formclass=RevokeForm,
-        sessions=[master_session] + sessions,
+        sessions=sessions,
         is_current=SessionActivity.is_current,
     )